1.18.0 (2021-05-15)¶
Add support for Django 3.2.
Prevent auto-completion of the CA password field in the admin interface.
Improve CSR validation when using the admin interface.
Check permissions when resigning certificates.
Require the
change certificate
permission when revoking certificates.Preselect profile of original certificate when resigning certificates.
Make sure that operators for OrderedSetExtension always return an instance of the implementing class, not of the base class.
Certificate bundles now always end with a newline, as normal bundles do.
Add setuptools extras for
mysql
andpostgres
.Add MySQL support for the Docker image.
Backwards incompatible changes¶
Don’t load configuration from
localsettings.py
(deprecated since1.15.0
).The
x509
property anddump_certificate()
where removed fromCertificateAuthority
andCertificate
:To access a string-encoded PEM use
obj.pub.pem
(was:obj.x509
).To update an instance with a certificate use
update_certificate()
(was:obj.x509 = ...
).Use
obj.pub.pem
orobj.pub.der
to get an encoded certificate (was:obj.dump_certificate()
).
Drop support for Django 3.0.
Drop support for cryptography 2.8 and 2.9.
Drop support for Celery 4.3 and 4.4.
Drop support for idna 2.9.
Python API¶
Store certificates and CSRs as bytes to improve access speed.
Linting and continuous integration¶
Use GitHub Actions instead of Travis.
Use
pyproject.toml
for all tools that support it.Code is now formatted with black.
Code is now linted using pylint.
Code is now fully type-hinted and type safe according to mypy. This requires the upcoming release of cryptography (current: 3.4).
Documentation is now cleaned with doc8.
Documentation is now spell-checked using sphinxcontrib.spelling.
Deprecation notices¶
This is the last release to support cryptography 3.0, 3.1 and 3.2.
Passing a
str
orbytes
tocreate_cert()
will be removed in django-ca 1.20.0.Passing a
str
as an algorithm inget_crl()
,create_cert()
is deprecated and will no longer work in django-ca 1.20.0. Pass aHashAlgorithm
instance instead.django_ca.utils.parse_csr()
is no longer useful and will be removed in django-ca 1.20.0.Creating an index for running an OCSP responder with openssl-ocsp(1SSL) is deprecated and will be removed in django-ca 1.20.0. The man page explicitly states it “is only useful for test and demonstration purposes”, and we can solidly run our own responders by now.